Neelie Kroes has made another speech: Taking care of the Internet.
It’s another act of political ambiguity full of high-sounding phrases that mean nothing. Even the title is ambiguous: taking care as in nurturing, or taking care as in solving a problem? She has this vision of the internet, her ‘Internet Essentials’. She calls it her ‘Compact for the internet’:
One Internet that is
Architecturally sound, inspiring
It’s nothing more than a contorted sound bite, and when policy is forced into suiting a sound bite we do not get good governance. (Being mono-lingual I can only guess at the effort that has to go into producing multi-lingual sound bite anagrams – or do we have different policies to suit different languages?)
But basically it is the traditional eurocrat speech: I’m good, I believe in freedom, but I may have to exercise control for the benefit of everyone. One paragraph, a single sentence, stands out as being full of platitudinal menace:
Ultimately, different actors have different fields of expertise and responsibility: that must be respected, and due weight must be given accordingly.
That sounds to me like the nail in the coffin of net neutrality.
In politics, one good sound bite is worth a thousand good deeds; and the truth gets mislaid in the middle. This is what happened when Neelie Kroes tweeted: “Me recycling computers at the WEEE centre, #Nairobi http://t.co/FquRE13U”. And there’s another photo of her with a crowd of schoolkids. Africa, kids, recycling… What could be better?
The truth could be better; and the truth is that while recycling is good, re-using is better.
The EU WEEE Directive requires responsible decommissioning for old computers. You can’t just dump them in landfill – that’s irresponsible, dangerous and illegal. So to help responsible decommissioning, manufacturers pay a levy for every computer they sell. This levy then funds the Producer Compliance Schemes, which decommission defunct hardware responsibly – and legally. The problem is that WEEE is passively promoting recycling rather than actively promoting re-use. Consider this:
- High levels of product replacement and the concentration of energy intensity in the ICT production rather than use phase (80 and 20 percent, respectively) means that any activity that extends the life of ICTs–such as reuse–should be prioritised
- Reusing working computers is up to 20 times more energy-efficient than recycling them. Also, reuse has lower resource depletion costs than recycling. Thus, the waste hierarchy, which has reuse as more environmentally beneficial than recycling, equally applies to unwanted ICTs as to other wastes
ICT and the Environment
Change may happen. An amendment to the WEEE Directive is under discussion, and may come to fruition next month (October 2011); and come into UK law next year. The aim is to set a target of 5% re-use on old hardware. Five per cent! Anja ffrench, the director of marketing and communications at Computer Aid (a charity that concentrates on re-using rather than recycling) is too much of a lady to complain. “The European Parliament is proposing a 5% re-use target, which we would most definitely welcome,” she says – although the reality is it should be a 75% target.
“Computer Aid,” she told me, “is a WEEE-authorised treatment facility approved by the Environment Agency to take in equipment for re-use. We’re not signed up to any Producer Compliance Scheme – although we use DHL, which does belong to the Producer Compliance Schemes, for any recycling we have to do. So we’re a part of WEEE without directly being a WEEE compliance scheme.”
When you consider the cost of recycling in order to recover a fairly minimal value from the valuable metals contained, combined with the energy cost of manufacturing a new computer, then there is a clear environmental argument in favour of re-use. “And if you donate to a charity like Computer Aid,” continued Anja, “then there is a social argument as well. We take full legal liability for all of the equipment donated to us. We use Ontrack to data wipe all laptops, desktops, servers, and base units – and if for any reason we can’t do that, the disks are crushed and melted. Then it goes to a good cause.” And it’s all certified and guaranteed.
So you can donate to a good cause and have confidence that you are simultaneously destroying any data accidentally left on your systems. Everything that is reusable finds a deserving and needy home, and you can check this on Computer Aid’s Flickr streams.
“We have a waiting list right now for donations of old computers,” said Anja. “We have a continuous need for computers, laptops and monitors.” So, if you want the satisfaction that comes from combining environmental friendliness with legal compliance and adding more than a sprinkling of the warm, fuzzy feeling you get for doing absolutely the right thing, call Computer Aid now on +44 (0) 208 361 5540. Decommissioning should be more re-using than recycling.
I was talking to Uri Rivner – as one does – about the future of security. Uri is Head of New Technologies, Identity Protection at RSA; and knows a thing or two.
But first a background. Security isn’t working. Ask Google or Sony or Nintendo or Mitsubishi or, indeed, RSA. Nobody is saying we need to chuck out all our existing security products and processes; but we need to do more to make it work. And that’s what we were talking about.
“Two things.” said Uri. “Firstly, in the future you will see more advanced analytics: automated detection systems, like the on-line banking fraud detections systems or online credit card fraud detection systems. We will see things that are automated and will learn, rather than have to rely on the rules that an expert writes.” At the moment, much of our attack detection is based on the rule definitions of our security experts; and it is difficult to write a rule to detect something we’ve never seen before. “Computers,” added Uri, “are much better at finding software attacks.”
Hold on to that thought: the future of security is in advanced, intelligent, automated analytics.
“Secondly,” he continued, “the future will include data sharing. Corporates today just don’t share their data with anyone else. If you are under attack, you’re on your own. But the future will have to include some level of data sharing in realtime. There will have to be some way to collaborate in realtime, so that rather than relying just on your own security operatives, you actually rely on the industry’s wisdom to help you find these attacks. In many cases the attackers don’t go after a single specific target; they go after lots of targets within a certain industry or country. So it will be crucial to share data in realtime.
“How will we do it? As always, the devil is in the detail. Not all of the technologies or directions are ready yet. There are tools and technologies that are being deployed as we speak, but I would say that it will take the industry a couple of years to actually do something that has a fighting chance against APT-type attacks.”
There are indeed many problems; not least the reluctance of one company to share information with another company that might be, or become a competitor. Government seems to be a good starting point, where inter-departmental co-operation can be mandated before ultimately evolving into inter-governmental collaboration. But governments are naturally secretive: they believe their function is to gather intelligence, not to share it out. And then there’s the legal pitfalls of multiple legal jurisdictions, each with subtly different data protection requirements.
But Uri insists on both the necessity and inevitability of data sharing. “The idea is not,” he continued, “to configure a big shared repository and say, hey, we’re under attack. We have to be more subtle. We have to abstract the data, anonymise the data, and we have to do all the things that will make it even legal to share data between competing operations and different countries. But the bottom line is this: we have to do it; it’s a must.
“Ask any US CISO,” he continued. “The USA has been heavily attacked over the last 18 months, and all the CISOs agree: we want to share data, we want it at machine speed and in realtime, and we don’t want to share it several days later. So we need to work out how we can do this and be both legal and practical. It will happen at some point. The banking sector is already doing this. They actually share data in realtime. Not everybody knows this, but it’s one of the measures the banking sector has already taken. If bank A is being attacked – I’m talking about financial fraud here, not APT – by some hacker or criminal and they learn about it, automatically it goes into a central repository which means that everyone is now protected from this attack. There are ways to solve this sort of thing. Exposure, legal issues, customer trust issues – there are ways to share data.”
So the future of security is in the combination of large-scale automatic and intelligent analytics with wide-scale security data sharing. Now here’s a co-incidence, and it really is purely a co-incidence: on Thursday a new security product that fulfils the first and could be used for the latter will be announced. I’ll tell you more about that on Thursday.